In addition to the DDoS campaign and claimed theft of Microsoft accounts, Anonymous Sudan has busied itself with a campaign of attacks against European banks as of late. Microsoft says there is no evidence of a data breach.
Failure to strictly follow children's privacy laws on the Xbox Live gaming service is about to cost Microsoft a substantial amount of money, as the company has settled a FTC case with a $20 million fine for inappropriate collection and storage of personal data.
Microsoft Azure cloud container vulnerability allows an attacker to escape their container and compromise other user's containers on the same cloud services by executing malicious code.
The data leak reportedly stems from the activity of two AI researchers, who had disk backups of their workstations exposed. This included some 30,000 messages with assorted Microsoft team members in addition to private keys, login credentials and internal secrets.
The CSRB found that the security breach was preventable, and that a "a corporate culture that deprioritized enterprise security investments and rigorous risk management" ended up leaving open doors for the Chinese hackers.
Though Microsoft is hardly alone in terms of cloud services experiencing serious security breaches, a string of Redmond mishaps appears to have prompted new security reviews by the Cyber Safety Review Board (CSRB).
While the tech companies seem to be in full support of passwordless authentication, the tech community remains divided on whether it is really "ready for primetime."
Microsoft faces a hefty fine over Bing cookie consent issues, and has additionally been given three months to get the system into compliance or it could face additional fines of €60,000 per day.
Survey expressing anti-Microsoft sentiment was paid for in part and published by Google Cloud. It polled 2,600 currently employed residents of the US, 338 of these government employees.
Microsoft discovered a coordinated phishing campaign targeting Office 365 users and leveraging an Adversary-in-the-Middle (AiTM) MFA bypass to execute business email compromise (BEC) attacks and commit fraud.